Overblown Facebook Warning – 'Do Not Open Any PMs From Anyone!'

Outline

Message posted on Facebook warns users not to open any private messages from anyone because the PMs may contain 'malicious malware'. The message claims that just opening the PM will infect the user's computer.

Brief Analysis

The message is greatly overblown and contains misleading information. Your computer cannot get infected with malware solely by opening a private Facebook message. People should certainly use caution when following links in private messages. But, this message is not a valid warning about PM related security threats and reposting it will help nobody. The claim that users should never open any PMs from anyone is just plain silly.

Example

DO NOT OPEN ANY PMS FROM ANYONE!!!! Malicious malware being delivered by private messages, it will say it came from a friend, and JUST OPENING THE PM will bomb you, even if you don't click on or open the file!!! REPEAT: DO NOT OPEN ANY PMS, run your malware scan and I advise downloading the Facebook malware app to secure your account!!!!!!!!!!

Detailed Analysis

According to this rather breathless message, which is currently circulating on Facebook, users should not open any private messages from anybody at all because they contain 'malicious malware'. The warning, peppered with redundant exclamation marks for added impact, claims that the simple act of opening one of the infected private messages will immediately infect the user's computer with the malware. The message advises users to run a malware scanner and download the 'Facebook malware app' to secure their Facebook accounts.
While its author may have been well intentioned, this message is too overblown and inaccurate to have any validity as a warning and sending it on will do nothing to help keep Facebook users safe from security threats.

Despite the claim in the message, your computer cannot be infected with malware just by opening a Facebook private message. Certainly, private messages may contain links to websites that harbour malware. Or links in the PM could point to rogue apps, malicious browser plugins, or phishing sites. And the sender could add a potentially malicious file to the PM and try to trick the recipient into downloading it.

But, the simple act of opening the PM itself is not going to 'bomb' your computer with malware as claimed. Some sort of action on the part of the recipient - such as clicking a link or opening a file - would be required before any malware was installed.

Moreover, the suggestion that users should not open ANY private messages from anybody at all is overkill at its very best. Vast numbers of completely benign private messages are exchanged between Facebook users every day. Many users rely on the private message system to communicate with family, friends and co-workers. The claim that people should stop using the PM system all together in response to a vague and misleading malware warning is just plain silly. The same advice could apply to email and the Internet in general. We could simply shut down our computers, smartphones, tablets and other Internet connected devices and never use them again. That would certainly protect us from all manner of cyber security threats once and for all. But, that is obviously not a viable option, and we must employ more sensible approaches to security issues.

Let's be clear here. People should certainly use due caution when opening private messages, just as they should with any other type of digital communication. Such messages could indeed point people to malware or scams. And, if a user's account has been compromised, criminals may send out fraudulent private messages in their victim's name.

But sending on the warning message is not an effective method of alerting users to potential threats that may be distributed via private messages.

It is unclear what 'Facebook malware app' that the warning is referencing. It perhaps means Facebook's Malware Checkpoint facility, which offers users access to security software. But, yes, users would do well to install a reliable anti-malware scanner and run it on a regular basis. That suggestion in the message is worth heeding.

Last updated: March 5, 2014
First published: March 5, 2014
Written by Brett M. ChristensenAbout Hoax-Slayer